Information Security Risk and Controls Senior Manager

The Information Security Risk and Controls Senior Manager will be part of a team that establishes Experian's information security risk and controls framework informed by industry standards and latest risks. You will provide subject matter expertise for cyber risk management practices and security control guidance to control owners. You will report to the Director of Information Security Risk and Controls Assurance.

Responsibilities:

• Lead the second line security risk and controls team, framing and driving the vision for a security risk management framework.
• Collaborate with global partners, including 1LoD and 2LoD risk practitioners, to develop the enterprise security risk management program.
• Partner with Global Risk Management (GRM), the Business, departments and other divisional and enterprise risk partners to ensure comprehensive identification, tracking, measurement, mitigation, resolution, and reporting of risks to provide second line oversight of security risk.
• Maintain the information security risk and controls framework following industry standards, enterprise security policies, changing technological landscape, and latest risks.
• Use experience in business processes and technical knowledge to influence the quality of control design to support ongoing control implementation programs.
• Be the primary security risk liaison for Departments, including executive partners. Communicate with business and technology leaders to ensure visibility to and understanding of security risks.
• Maintain knowledge of security best practices, security regulations, trends in the markets including cloud and AI, and their impact on Experian's risk environment.

• Demonstable performing Information Security Risk Management responsibilities and control assessments.
• Background in Information Security Risk managerial/management experience or cyber security consulting experience.
• Expertise in all phases of the risk management lifecycle and execution of these phases within a technology or security risk management program.
• CISSP, CISA, CISM, CRISC or comparable certifications.
• Knowledge of information security risk management frameworks such as Open FAIR, NIST 800-37, NIST 800-39
• Experience with cloud security controls across multiple Cloud Service Providers (CSPs).
• Knowledge of information security control frameworks such as ISO 27001, NIST, PCI, and HIPAA.
• Experience with GRC tools, such as Archer preferred.

• Flexible work environment, working hybrid or in the office if you prefer.
• Great compensation package and discretionary bonus plan
• Core benefits include pension, bupa healthcare, sharesave scheme and more
• 25 days annual leave with 8 bank holidays and 3 volunteering days. You can purchase additional annual leave.